Your message dated Mon, 23 Mar 2026 19:00:15 +0000
with message-id <[email protected]>
and subject line Bug#1131479: fixed in pypdf 6.9.2-1
has caused the Debian Bug report #1131479,
regarding pypdf: CVE-2026-33123
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1131479: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131479
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pypdf
Version: 6.9.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: forwarded -1 https://github.com/py-pdf/pypdf/pull/3686

Hi,

The following vulnerability was published for pypdf.

CVE-2026-33123[0]:
| pypdf is a free and open-source pure-python PDF library. Versions
| prior to 6.9.1 allow an attacker to craft a malicious PDF which
| leads to long runtimes and/or large memory usage. Exploitation
| requires accessing an array-based stream with many entries. This
| issue has been fixed in version 6.9.1.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-33123
    https://www.cve.org/CVERecord?id=CVE-2026-33123
[1] https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp
[2] https://github.com/py-pdf/pypdf/pull/3686
[3] https://github.com/py-pdf/pypdf/commit/0b5d05de59a055c132b435ee2375bc32ff04d48e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pypdf
Source-Version: 6.9.2-1
Done: Santiago Ruano Rincón <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pypdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Ruano Rincón <[email protected]> (supplier of updated pypdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Mar 2026 14:54:01 -0300
Source: pypdf
Architecture: source
Version: 6.9.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Santiago Ruano Rincón <[email protected]>
Closes: 1131479
Changes:
 pypdf (6.9.2-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 6.9.2
     - Fix CVE-2026-33123: crafted PDF files may yield to long runtimes and/or
       large memory usage. (Closes: #1131479)
     - Fix CVE-2026-33699: possible infinite loop during recovery attempts in
       DictionaryObject.read_from_stream.


--- End Message ---
